SSL_GetChannelInfo should return whether peer has the BEAST fix applied or not

NEW
Unassigned

Status

--
enhancement
4 years ago
4 years ago

People

(Reporter: ashwani.kadian, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
Build ID: 20150105205548

Steps to reproduce:

A simple handshake with different clients, with and without BEAST fix.


Actual results:

Server is not able to recognize if client has BEAST fix in place or not. 


Expected results:

Server should be able to query the clients if they have BEAST fix or not. Server should check internally in the socket state if the peer is breaking packets or not and then return that within SSL_GetChannelInfo().

Updated

4 years ago
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 1

4 years ago
Actually this applies to both sides. The client could also find out if the server has the fix.

Comment 2

4 years ago
This obviously only applies to connections using CBC cipher suites.
Summary: Server should know if client has BEAST fix or not → SSL_GetChannelInfo should return whether peer has the BEAST fix applied or not
You need to log in before you can comment on or make changes to this bug.